apparmor profile denies access to /run/utmp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rsyslog (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
The Apparmor profile of rsyslogd, when enabled, prevents the daemon from reading /run/utmp:
Jan 15 16:59:53 log kernel: [15515.765872] type=1400 audit(135828719
This is the first time I see this denial since I enabled the profile many months ago. The easy fix seems to simply include the "wutmp" abstraction to the profile.
The only thing I can see that could have triggered this, is the *heavy* IO load of the underlying hypervisor powering this VM. Other VMs on the same hypervisor emitted "BUG: soft lockup - CPU#0 stuck for 39s! [flush-253:0:734]" at the same second as the rsyslog apparmor denial.
$ lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
$ apt-cache policy rsyslog
rsyslog:
Installed: 5.8.6-1ubuntu8
Candidate: 5.8.6-1ubuntu8
Version table:
*** 5.8.6-1ubuntu8 0
500 http://
100 /var/lib/
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: rsyslog 5.8.6-1ubuntu8
ProcVersionSign
Uname: Linux 3.2.0-35-virtual x86_64
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu17.1
Architecture: amd64
Date: Tue Jan 15 17:08:14 2013
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: rsyslog
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
Another intresting thing to note, apport-bug experienced a crash when reporting this bug:
root@log:~# apport-bug rsyslog
*** Collecting problem information
The collected information can be sent to the developers to improve the conf". Would you like to add the contents of it to your bug report?
application. This might take a few minutes.
..............
*** It seems you have modified the contents of "/etc/rsyslog.
What would you like to do? Your options are: apport/ general- hooks/ubuntu. py crashed: python2. 7/dist- packages/ apport/ report. py", line 719, in add_hooks_info 'add_info' ](self, ui) apport/ general- hooks/ubuntu. py", line 144, in add_info subprocess. STDOUT) == 0: python2. 7/subprocess. py", line 493, in call python2. 7/subprocess. py", line 679, in __init__ python2. 7/subprocess. py", line 1249, in _execute_child
Y: Yes
N: No
C: Cancel
Please choose (Y/N/C): y
ERROR: hook /usr/share/
Traceback (most recent call last):
File "/usr/lib/
symb[
File "/usr/share/
stderr=
File "/usr/lib/
return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/
errread, errwrite)
File "/usr/lib/
raise child_exception
OSError: [Errno 2] No such file or directory
..
The bug report continued apparently normally but some bug attachments seem to be missing.